Sweet32 Attacks Against Triple-DES (3DES) and Blowfish

Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers used a Sweet32 attack to recover authentication cookies from HTTPS-protected traffic encrypted with triple-DES (3DES) and Blowfish, and to recover login credentials that gave them access to accounts.

Sweet32 is a collision attack against triple-DES (3DES) and Blowfish in cipher block chaining (CBC) mode. In CBC mode, a collision between two cipher inputs reveals the XOR of two message blocks. When many message blocks are encrypted with the same key in this mode, collisions become more likely, and each collision exposes the XOR of the contents of two different message blocks. Attackers can target a victim’s authentication cookie by luring them to a malicious site and injecting JavaScript into the victim’s browser. The JavaScript repeatedly sends HTTP requests to a site the victim is logged into, and each request includes the authentication cookie.
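The CBC collision property described above, as an added example that is not from the original page: two equal ciphertext blocks reveal the XOR of the corresponding plaintext blocks using only the IV and ciphertext. It assumes a toy 16-bit Feistel cipher so that collisions appear quickly; `toy_encrypt`, `cbc_encrypt`, `find_collision`, the key, IV, and plaintext are all constructed for illustration.

```python
import hashlib

# Toy 16-bit block size (assumption, for speed); 3DES and Blowfish use 64-bit blocks.
BLOCK_MASK = 0xFFFF

def _round(key: bytes, rnd: int, half: int) -> int:
    """Keyed 8-bit round function for the toy Feistel cipher."""
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def toy_encrypt(key: bytes, block: int) -> int:
    """4-round Feistel permutation on 16-bit blocks (illustration only, not secure)."""
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right

def cbc_encrypt(key: bytes, iv: int, blocks: list) -> list:
    """CBC mode: C_i = E(P_i xor C_{i-1}), with C_{-1} = IV."""
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)
        out.append(prev)
    return out

def find_collision(iv: int, ciphertext: list):
    """Using only the IV and ciphertext, return (i, j, P_i xor P_j) for the first repeat."""
    seen = {}
    previous = [iv] + ciphertext[:-1]
    for j, c in enumerate(ciphertext):
        if c in seen:
            i = seen[c]
            # C_i == C_j implies P_i ^ C_{i-1} == P_j ^ C_{j-1}
            return i, j, previous[i] ^ previous[j]
        seen[c] = j
    return None

def demo():
    key, iv = b"constructed-demo-key", 0x1234      # constructed values
    # Constructed plaintext; 2**16 + 1 blocks guarantees a repeat (pigeonhole),
    # though the birthday bound makes one likely after roughly 2**8 blocks.
    plaintext = [(i * 40503) & BLOCK_MASK for i in range(2**16 + 1)]
    ciphertext = cbc_encrypt(key, iv, plaintext)
    i, j, leaked = find_collision(iv, ciphertext)
    return i, j, leaked, plaintext[i] ^ plaintext[j]

if __name__ == "__main__":
    i, j, leaked, actual = demo()
    print(f"blocks {i} and {j} collide; recovered XOR {leaked:#06x}, actual {actual:#06x}")
```

With a 64-bit block the same repeat is expected after about 2^32 blocks under one key, which is why a 128-bit block cipher such as AES removes the practical risk.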

Blowfish and 3DES are still supported in TLS, IPsec, SSH, and other protocols. Enterprises and developers should treat 3DES and Blowfish the same way they treat RC4: stop using them.